I'm not really one to tell people what to do but... I really think the server really needs to get a dedicated SSL certificate and force HTTPS at least over the website and forums. In a perfect world the login server too. Right now everyone's login information, including passwords, is sent over plain text and is completely vulnerable to capture and attack. While I myself use a different password for everything, others may not and having information sent over an encrypted connection is very dangerous. I personally use RapidSSL from GeoTrust on my own website and it's only $10 a year. Shit, I just donated over that amount right now to the server. Also can we get an option to have the clients available for download in a .zip format?
Hmm, I believe it was set up; we may have broken it when we switched over to using Incapsula. I'm going to tag @Chokladkakan and @Matt here to make sure this gets resolved, as I agree. The login server, that can't happen: even if the login server was set up for HTTPS, the client does not support it, so really there's nothing that we can do. That would have to wait until a custom client comes about.
I figured as much. You might have luck creating a client wrapper w/ SSL. I've also heard of people hacking SSL into clients, but never really seen it myself. But it's not really super important. Thanks for the quick replies.
We've been using HTTPS for a long time (using strict transport, too; spectacular how you've managed to never visit the site through an HTTPS link once!). What we haven't been doing is forcing users to use it---until now! I had forgotten, and thanks for reminding me.